Monday, March 16, 2015

ISIS Adjacencies filtration


Configure all router running ISIS protocol

R1#
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip router isis 1
!
interface FastEthernet0/0
 ip address 10.1.12.1 255.255.255.0
 ip router isis 1
!
router isis 1
 net 49.0001.0000.0000.1111.00
R2#
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.12.2 255.255.255.0
 ip router isis 1
!
interface FastEthernet0/1
 ip address 10.1.23.2 255.255.255.0
 ip router isis 1
!
router isis 1
 net 49.0023.0000.0000.2222.00
R3#
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
 ip router isis 1
!
interface FastEthernet0/0
 ip address 10.1.23.3 255.255.255.0
 ip router isis 1
!
router isis 1
 net 49.0023.0000.0000.3333.00

Let's check neigbhor in R2:

R2#show isis ne
System Id      Type Interface   IP Address      State Holdtime Circuit Id
R1             L2   Fa0/0       10.1.12.1       UP    27       R2.01             
R3             L1   Fa0/1       10.1.23.3       UP    8        R3.01             
R3             L2   Fa0/1       10.1.23.3       UP    7        R3.01   

We can see R2 establish neighbor to R1 and R3.

Let’s config on R2, which remove neighbor to R3.

R2#
 clns filter-set AF deny 49.0023.0000.0000.3333.00          //deny only this NET address
 clns filter-set AF permit default                                            // allows any other neighbor
!
interface FastEthernet0/1
 ip address 10.1.23.2 255.255.255.0
 ip router isis 1
 isis adjacency-filter AF

Verify:

R2#show isis ne
System Id      Type Interface   IP Address      State Holdtime Circuit Id
R1             L2   Fa0/0       10.1.12.1       UP    27       R2.01             

It only establish neighbor with R1.

See debug:
R2#debug isis adj-packets
IS-IS Adjacency related packets debugging is on
*Mar  1 00:21:14.751: ISIS-Adj: Rec L2 IIH from c200.0704.0000 (FastEthernet0/0), cir type L1L2, cir id 0000.0000.2222.01, length 1497
*Mar  1 00:21:15.299: ISIS-Adj: Sending L2 LAN IIH on FastEthernet0/0, length 1497
*Mar  1 00:21:15.391: ISIS-Adj: Rec L2 IIH from c203.0bc8.0000 (FastEthernet0/1), cir type L1L2, cir id 0000.0000.3333.01, length 1497
*Mar  1 00:21:15.395: ISIS-Adj: Adjacency disallowed by filter
*Mar  1 00:21:16.775: ISIS-Adj: Rec L1 IIH from c200.0704.0000 (FastEthernet0/0), cir type L1L2, cir id 0000.0000.1111.01, length 1497
*Mar  1 00:21:16.779: ISIS-Adj: Area mismatch, level 1 IIH on FastEthernet0/0
*Mar  1 00:21:16.959: ISIS-Adj: Rec L1 IIH from c203.0bc8.0000 (FastEthernet0/1), cir type L1L2, cir id 0000.0000.3333.01, length 1497

*Mar  1 00:21:16.963: ISIS-Adj: Adjacency disallowed by filter

Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Twitter Delicious Facebook Digg Stumbleupon Favorites More
RSS Feed Subscribe to Our RSS feed!
Follow Us on Twitter! Follow Us on Twitter!